Do the difficult things while they are easy and do the great things while they are small. A journey of a thousand miles begins with a single step.
~ Lao Tzu
Next post on Ransomware!
It would be Great knowledgeable posts ❤️
#postalert #staytunned
~ @geekcode #share & #supportus
~ Lao Tzu
Next post on Ransomware!
It would be Great knowledgeable posts ❤️
#postalert #staytunned
~ @geekcode #share & #supportus
What is Ransomware ?
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
For query : @geekserverbot
@geekcode
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
For query : @geekserverbot
@geekcode
How does ransomware work?
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
For query : @geekserverbot
@geekcode
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
For query : @geekserverbot
@geekcode
What can I do to protect my data and networks?
Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware).
Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
For query : @geekserverbot
~ @geekcode
Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware).
Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
For query : @geekserverbot
~ @geekcode
How does Pegasus inject malware into a user's mobile phone?
Prior to 2019, one of the methods used by Pegasus to penetrate mobile phones was through a WhatsApp video missed call. It seems WhatsApp fixed that vulnerability.
But now we have learnt that Pegasus is using Apple's messaging application, iMessage, available on iPhones, to inject malware in mobile phones. What Pegasus Spyware seems to be doing is that it's sending a properly drafted message on the phone embedded with a malware. The owner of the mobile phone doesn't even need to click on the message to activate the malware. Even if the victim deletes the message from iMessage, the malware would still penetrate the phone. It seems to me that iMessage has a similar bug that WhatsApp had earlier.
@geekcode
Prior to 2019, one of the methods used by Pegasus to penetrate mobile phones was through a WhatsApp video missed call. It seems WhatsApp fixed that vulnerability.
But now we have learnt that Pegasus is using Apple's messaging application, iMessage, available on iPhones, to inject malware in mobile phones. What Pegasus Spyware seems to be doing is that it's sending a properly drafted message on the phone embedded with a malware. The owner of the mobile phone doesn't even need to click on the message to activate the malware. Even if the victim deletes the message from iMessage, the malware would still penetrate the phone. It seems to me that iMessage has a similar bug that WhatsApp had earlier.
@geekcode
What is CHFI (Cyber Hacking Forensic investigator)
Computer Hacking Forensic Investigator certification validates that you have the knowledge and skills to detect hacking attacks, to properly obtain evidence needed to report the crime and prosecute the cybercriminal, and to conduct an analysis that enables you to prevent future attacks.
CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.
@geekcode
Computer Hacking Forensic Investigator certification validates that you have the knowledge and skills to detect hacking attacks, to properly obtain evidence needed to report the crime and prosecute the cybercriminal, and to conduct an analysis that enables you to prevent future attacks.
CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.
@geekcode
Scope of Cyber Forensics?
Cyber Forensics courses are gaining increasing popularity among students. This is due to the rapid growth in incidents of online and mobile phone frauds.
Objectives form the basis of cyber forensics course:
📌Knowledge of the approach and methods of cyber crime investigations
📌Understanding the defensive measures of damage control in response to cyber attacks
📌Knowledge of the proactive methods of avoiding cyber crimes
📌Recognizing the clues to identify and prevent potential cyber attacks
📌Learning the various types of risks involved in computerized and networking operations.
Join & share our channel
@geekcode
Cyber Forensics courses are gaining increasing popularity among students. This is due to the rapid growth in incidents of online and mobile phone frauds.
Objectives form the basis of cyber forensics course:
📌Knowledge of the approach and methods of cyber crime investigations
📌Understanding the defensive measures of damage control in response to cyber attacks
📌Knowledge of the proactive methods of avoiding cyber crimes
📌Recognizing the clues to identify and prevent potential cyber attacks
📌Learning the various types of risks involved in computerized and networking operations.
Join & share our channel
@geekcode
If you guys want cyber forensic courses checkout our resource channel
https://t.me/joinchat/RbqYHjjg67Yac19x
@geekcode
https://t.me/joinchat/RbqYHjjg67Yac19x
@geekcode
What is SMB?
SMB (Server Message Block) Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.
Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.
The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection. Clients connect to servers using TCP/IP (actually NetBIOS over TCP/IP, NetBEUI or IPX/SPX.
@geekcode
SMB (Server Message Block) Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.
Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.
The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection. Clients connect to servers using TCP/IP (actually NetBIOS over TCP/IP, NetBEUI or IPX/SPX.
@geekcode
#bugbounty
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
https://securitygoat.medium.com/bug-bounty-stories-1-tale-of-csp-bypass-in-an-electron-app-f669f6ecefc9
@geekcode
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
https://securitygoat.medium.com/bug-bounty-stories-1-tale-of-csp-bypass-in-an-electron-app-f669f6ecefc9
@geekcode
Medium
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
Talking of a bug I found a long time back which led to the bypassing of CSP in an electron app :)
What is Telnet?
Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.
The telnet client will establish a connection with the server. The client will then become a virtual terminal- allowing you to interact with the remote host.
Telnet sends all messages in clear text and has no specific security mechanisms. Thus, in many applications and services, Telnet has been replaced by SSH in most implementations.
~ @geekcode
Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.
The telnet client will establish a connection with the server. The client will then become a virtual terminal- allowing you to interact with the remote host.
Telnet sends all messages in clear text and has no specific security mechanisms. Thus, in many applications and services, Telnet has been replaced by SSH in most implementations.
~ @geekcode